search

redis / docker-library-redis

Docker Official Image packaging for Redis
http://redis.io
BSD 3-Clause "New" or "Revised" License
1.12k stars 563 forks source link

Make two passwords available in the default user #310

Closed mrojasbb closed 2 years ago

mrojasbb commented 2 years ago

Hello all. Sorry if this is not the place to put a question related to redis. If this is not the place, can someone guide me where to put it? I want to know how can I mark/put two passwords as valid to the default user. I've been trying to do something like:

 containers:
  - name: {{ .Chart.Name }}
    securityContext:
      {{- toYaml .Values.redis.securityContext | nindent 12 }}
    image: "{{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag | default .Chart.AppVersion }}"
    imagePullPolicy: {{ .Values.redis.image.pullPolicy }}
    env:
      - name: REDIS_SECRET1
        valueFrom:
          secretKeyRef:
            name: "container1"
            key: "REDIS_SECRET1"
      - name: REDIS_SECRET2              
        valueFrom:
          secretKeyRef:
            name: "container1"
            key: "REDIS_SECRET2"
    readinessProbe:
      exec:
        command:
        - bash
        - "-c"
        - |
          redis-cli -a $REDIS_SECRET1 ping
      initialDelaySeconds: 5
    resources:
      {{- toYaml .Values.redis.resources | nindent 12 }}
    command: 
    - bash
    - "-c"
    - |
      redis-server --requirepass $REDIS_SECRET1; redis-cli -a $REDIS_SECRET1 acl setuser default ">$(REDIS_SECRET2)"

But got no success, Am I not putting the command redis-cli -a $REDIS_SECRET1 acl setuser default ">$(REDIS_SECRET2)" in a correct form or does the --requirepass is messing with having two valid passwords for the default user?

Thanks a lot!

wglambert commented 2 years ago

I think the easiest and cleanest way is to specify an acl file to use https://redis.io/docs/manual/security/acl/#use-an-external-acl-file

I've tried different incantations of the command but I haven't found a way to override the default user's nopass setting through the acl setuser It can almost work with making another user but even with authenticating in the same command it needs to wait for the server to come up to then connect and do the acl setuser

You could also try asking over at the Docker Community Forums, Docker Community Slack, or Stack Overflow. Since these repos aren't really a user-help forum

mrojasbb commented 2 years ago

I use the requirepass in order to set a password to the default user, but I see that I cannot use again the requirepass to set the second password without overwrite the existing one. I see that requirepass just let me set one password to the default user. I can set the second password to the default user using redis-cli -a $REDIS_SECRET1 ACL SETUSER default on ">$(REDIS_SECRET2)" ~* +@all but I cannot manage to run this command in the redis container or at least run redis-cli in the container, authenticate with a valid password and after that run something like acl setuser default >$(REDIS_SECRET2) to set the second password to the user

Matir commented 2 years ago

Your redis-cli command won't be executed until after the redis-server has exited.